The Power of Cracking Passwords

Ivan Golubev’s blog points out that power supply and heat dissipation can impact the speed of brute forcing passwords with graphics cards.

Apparently lowering GPU core frequency resulting in “closer to estimations” performance. My first guess was that there is internal throttling in 6990 and so overheating causing performance drop. I’ve even posted in official forum about this but some more experiments reveals that I wasn’t totally true. Answer was pretty simple:

[…]

Yep, by default it isn’t enough power provided for 6990 to make it work with 100% performance

[…]

…make sure you have proper cooling and PSU as looks like official 375W TDP can easily became 450W and this means A LOT of heat you’re need to deal with somehow.

The Radeon HD 6990 graphics cards have dropped to under $400, which is very tempting, but only for air-cooled. So the cost of reaching peak brute-force performance levels of 10 billion passwords per second with ighashgpu really must be measured in terms of cost of liquid cooling and clean supply of power (around $4,000 for a complete system). It’s a nice example of how security is tied to energy and efficiency. Golubev actually provides a spreadsheet of performance per dollar but it doesn’t mention environmental factors that support peak performance.

To put this all in perspective, a strong mixed upper-lower case alphanumeric with symbols password that is 8 digits long on a Microsoft OS could take around 20 days to crack for less than $5,000. Since password change cycles are usually 90 days…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.